Open atluxity opened 6 months ago
@daemitus , @GoZ8 , @prisma2user I see that at some point you all have contributed to this connecotr. would you mind having a look at this issue?
does opencti even support it, or would this just end up being an observable with an empty hash?
Currently, OpenCTI does not support this type of hash. We need to implement it in the platform first. It is not something we plan to do in the short term.
Description
According to ThreatFox statistics page there has been 21 IOCs of type sha3_384_hash added to ThreatFox, but the connector does not support it.
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Expected Output
Expected import of sha3_384 hash into OpenCTI as indicator
Actual Output
Nothing, not supported by connector, ignored.
Additional information
As far as I understand its is a matter of updating the README for documentation, and line https://github.com/OpenCTI-Platform/connectors/blob/master/external-import/threatfox/src/main.py#L239
But as I do not have proper setup to test before yolo commit I am reluctant to start fiddling with it.